From 11207ca42fd66a709bcba5cb1f5b692f51c618f6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:08:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 1999/0xxx/CVE-1999-0742.json | 120 +++++------ 2000/0xxx/CVE-2000-0035.json | 130 ++++++------ 2000/0xxx/CVE-2000-0278.json | 130 ++++++------ 2007/0xxx/CVE-2007-0029.json | 200 +++++++++---------- 2007/0xxx/CVE-2007-0686.json | 130 ++++++------ 2007/0xxx/CVE-2007-0934.json | 220 ++++++++++---------- 2007/1xxx/CVE-2007-1147.json | 140 ++++++------- 2007/1xxx/CVE-2007-1316.json | 34 ++-- 2007/5xxx/CVE-2007-5034.json | 310 ++++++++++++++--------------- 2007/5xxx/CVE-2007-5149.json | 190 +++++++++--------- 2007/5xxx/CVE-2007-5396.json | 170 ++++++++-------- 2007/5xxx/CVE-2007-5784.json | 150 +++++++------- 2015/3xxx/CVE-2015-3182.json | 170 ++++++++-------- 2015/3xxx/CVE-2015-3610.json | 120 +++++------ 2015/3xxx/CVE-2015-3621.json | 140 ++++++------- 2015/6xxx/CVE-2015-6006.json | 130 ++++++------ 2015/6xxx/CVE-2015-6204.json | 34 ++-- 2015/6xxx/CVE-2015-6281.json | 34 ++-- 2015/7xxx/CVE-2015-7146.json | 34 ++-- 2015/7xxx/CVE-2015-7744.json | 200 +++++++++---------- 2015/7xxx/CVE-2015-7988.json | 150 +++++++------- 2015/8xxx/CVE-2015-8203.json | 34 ++-- 2015/8xxx/CVE-2015-8775.json | 34 ++-- 2016/0xxx/CVE-2016-0026.json | 140 ++++++------- 2016/0xxx/CVE-2016-0830.json | 140 ++++++------- 2016/1000xxx/CVE-2016-1000149.json | 140 ++++++------- 2016/1xxx/CVE-2016-1575.json | 160 +++++++-------- 2016/1xxx/CVE-2016-1619.json | 220 ++++++++++---------- 2016/5xxx/CVE-2016-5172.json | 190 +++++++++--------- 2016/5xxx/CVE-2016-5307.json | 140 ++++++------- 2016/5xxx/CVE-2016-5371.json | 34 ++-- 2016/5xxx/CVE-2016-5554.json | 310 ++++++++++++++--------------- 2019/0xxx/CVE-2019-0047.json | 34 ++-- 2019/0xxx/CVE-2019-0116.json | 34 ++-- 2019/0xxx/CVE-2019-0148.json | 34 ++-- 2019/0xxx/CVE-2019-0629.json | 34 ++-- 2019/0xxx/CVE-2019-0782.json | 34 ++-- 2019/1xxx/CVE-2019-1034.json | 34 ++-- 2019/1xxx/CVE-2019-1421.json | 34 ++-- 2019/3xxx/CVE-2019-3138.json | 34 ++-- 2019/4xxx/CVE-2019-4083.json | 34 ++-- 2019/4xxx/CVE-2019-4127.json | 34 ++-- 2019/4xxx/CVE-2019-4479.json | 34 ++-- 2019/4xxx/CVE-2019-4800.json | 34 ++-- 2019/5xxx/CVE-2019-5123.json | 34 ++-- 2019/5xxx/CVE-2019-5647.json | 34 ++-- 2019/5xxx/CVE-2019-5892.json | 180 ++++++++--------- 2019/8xxx/CVE-2019-8129.json | 34 ++-- 2019/8xxx/CVE-2019-8263.json | 132 ++++++------ 2019/8xxx/CVE-2019-8551.json | 34 ++-- 2019/8xxx/CVE-2019-8725.json | 34 ++-- 2019/9xxx/CVE-2019-9202.json | 34 ++-- 2019/9xxx/CVE-2019-9477.json | 34 ++-- 2019/9xxx/CVE-2019-9538.json | 34 ++-- 54 files changed, 2735 insertions(+), 2735 deletions(-) diff --git a/1999/0xxx/CVE-1999-0742.json b/1999/0xxx/CVE-1999-0742.json index 307d245279d..ea9390ca5db 100644 --- a/1999/0xxx/CVE-1999-0742.json +++ b/1999/0xxx/CVE-1999-0742.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-1999-0742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Debian mailman package uses weak authentication, which allows attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-1999-0742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Debian mailman package uses weak authentication, which allows attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/480" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0035.json b/2000/0xxx/CVE-2000-0035.json index 8662bbd7cf5..1c710b535ea 100644 --- a/2000/0xxx/CVE-2000-0035.json +++ b/2000/0xxx/CVE-2000-0035.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "resend command in Majordomo allows local users to gain privileges via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000113 Info on some security holes reported against SCO Unixware.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=94780294009285&w=2" - }, - { - "name" : "902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "resend command in Majordomo allows local users to gain privileges via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000113 Info on some security holes reported against SCO Unixware.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=94780294009285&w=2" + }, + { + "name": "902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/902" + } + ] + } +} \ No newline at end of file diff --git a/2000/0xxx/CVE-2000-0278.json b/2000/0xxx/CVE-2000-0278.json index 110b161b800..14d8eed2dc5 100644 --- a/2000/0xxx/CVE-2000-0278.json +++ b/2000/0xxx/CVE-2000-0278.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2000-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2000-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/current/0006.html" - }, - { - "name" : "1089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/1089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/current/0006.html" + }, + { + "name": "1089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/1089" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0029.json b/2007/0xxx/CVE-2007-0029.json index f7b8258297a..7b2bb901346 100644 --- a/2007/0xxx/CVE-2007-0029.json +++ b/2007/0xxx/CVE-2007-0029.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka \"Excel Malformed String Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-0029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02184", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/457274/100/0/threaded" - }, - { - "name" : "SSRT071296", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/457274/100/0/threaded" - }, - { - "name" : "MS07-002", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002" - }, - { - "name" : "TA07-009A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" - }, - { - "name" : "21877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21877" - }, - { - "name" : "ADV-2007-0103", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0103" - }, - { - "name" : "31256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31256" - }, - { - "name" : "oval:org.mitre.oval:def:1102", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1102" - }, - { - "name" : "1017487", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka \"Excel Malformed String Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA07-009A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-009A.html" + }, + { + "name": "oval:org.mitre.oval:def:1102", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1102" + }, + { + "name": "1017487", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017487" + }, + { + "name": "HPSBST02184", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" + }, + { + "name": "21877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21877" + }, + { + "name": "ADV-2007-0103", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0103" + }, + { + "name": "MS07-002", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-002" + }, + { + "name": "SSRT071296", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/457274/100/0/threaded" + }, + { + "name": "31256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31256" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0686.json b/2007/0xxx/CVE-2007-0686.json index a57567a50de..0dd83898eb9 100644 --- a/2007/0xxx/CVE-2007-0686.json +++ b/2007/0xxx/CVE-2007-0686.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of \"internal kernel structures,\" a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-0686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3224", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3224" - }, - { - "name" : "37996", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of \"internal kernel structures,\" a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3224", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3224" + }, + { + "name": "37996", + "refsource": "OSVDB", + "url": "http://osvdb.org/37996" + } + ] + } +} \ No newline at end of file diff --git a/2007/0xxx/CVE-2007-0934.json b/2007/0xxx/CVE-2007-0934.json index 5ae4445cb3b..7908580eb04 100644 --- a/2007/0xxx/CVE-2007-0934.json +++ b/2007/0xxx/CVE-2007-0934.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-0934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2007-0934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02231", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "SSRT071438", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/471947/100/0/threaded" - }, - { - "name" : "MS07-030", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030" - }, - { - "name" : "TA07-163A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" - }, - { - "name" : "24349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24349" - }, - { - "name" : "35342", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35342" - }, - { - "name" : "ADV-2007-2150", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2150" - }, - { - "name" : "oval:org.mitre.oval:def:1925", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925" - }, - { - "name" : "1018227", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018227" - }, - { - "name" : "25619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25619" - }, - { - "name" : "visio-version-code-execution(34607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1925", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1925" + }, + { + "name": "25619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25619" + }, + { + "name": "MS07-030", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-030" + }, + { + "name": "SSRT071438", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + }, + { + "name": "ADV-2007-2150", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2150" + }, + { + "name": "visio-version-code-execution(34607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34607" + }, + { + "name": "1018227", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018227" + }, + { + "name": "TA07-163A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html" + }, + { + "name": "24349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24349" + }, + { + "name": "35342", + "refsource": "OSVDB", + "url": "http://osvdb.org/35342" + }, + { + "name": "HPSBST02231", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1147.json b/2007/1xxx/CVE-2007-1147.json index 7f2674a3a1e..b3e0fb7b8c0 100644 --- a/2007/1xxx/CVE-2007-1147.json +++ b/2007/1xxx/CVE-2007-1147.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070222 Hasadya Raed", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460933/100/0/threaded" - }, - { - "name" : "36878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/36878" - }, - { - "name" : "2339", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2339", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2339" + }, + { + "name": "36878", + "refsource": "OSVDB", + "url": "http://osvdb.org/36878" + }, + { + "name": "20070222 Hasadya Raed", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460933/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2007/1xxx/CVE-2007-1316.json b/2007/1xxx/CVE-2007-1316.json index 837f3df1029..ccf28dc69a1 100644 --- a/2007/1xxx/CVE-2007-1316.json +++ b/2007/1xxx/CVE-2007-1316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-1316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-1316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5034.json b/2007/5xxx/CVE-2007-5034.json index f38f42013d1..db2d3d3d6ba 100644 --- a/2007/5xxx/CVE-2007-5034.json +++ b/2007/5xxx/CVE-2007-5034.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2007-5034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20071005 rPSA-2007-0209-1 elinks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481606/100/0/threaded" - }, - { - "name" : "http://bugzilla.elinks.cz/show_bug.cgi?id=937", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.elinks.cz/show_bug.cgi?id=937" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=297981", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=297981" - }, - { - "name" : "DSA-1380", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1380" - }, - { - "name" : "FEDORA-2007-2224", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html" - }, - { - "name" : "FEDORA-2007-710", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html" - }, - { - "name" : "RHSA-2007:0933", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0933.html" - }, - { - "name" : "USN-519-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-519-1" - }, - { - "name" : "25799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25799" - }, - { - "name" : "oval:org.mitre.oval:def:10335", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335" - }, - { - "name" : "ADV-2007-3278", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3278" - }, - { - "name" : "1018764", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018764" - }, - { - "name" : "26936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26936" - }, - { - "name" : "26956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26956" - }, - { - "name" : "26949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26949" - }, - { - "name" : "27062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27062" - }, - { - "name" : "27125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27125" - }, - { - "name" : "27132", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27132" - }, - { - "name" : "27038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26956" + }, + { + "name": "oval:org.mitre.oval:def:10335", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10335" + }, + { + "name": "http://bugzilla.elinks.cz/show_bug.cgi?id=937", + "refsource": "CONFIRM", + "url": "http://bugzilla.elinks.cz/show_bug.cgi?id=937" + }, + { + "name": "27062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27062" + }, + { + "name": "FEDORA-2007-2224", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00335.html" + }, + { + "name": "27125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27125" + }, + { + "name": "DSA-1380", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1380" + }, + { + "name": "26936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26936" + }, + { + "name": "RHSA-2007:0933", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0933.html" + }, + { + "name": "20071005 rPSA-2007-0209-1 elinks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481606/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=297981", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=297981" + }, + { + "name": "1018764", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018764" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/elinks/+bug/141018" + }, + { + "name": "FEDORA-2007-710", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00079.html" + }, + { + "name": "25799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25799" + }, + { + "name": "USN-519-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-519-1" + }, + { + "name": "ADV-2007-3278", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3278" + }, + { + "name": "27132", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27132" + }, + { + "name": "26949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26949" + }, + { + "name": "27038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27038" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5149.json b/2007/5xxx/CVE-2007-5149.json index 5176d2904fc..e893919f857 100644 --- a/2007/5xxx/CVE-2007-5149.json +++ b/2007/5xxx/CVE-2007-5149.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070929 Public Media Manager <= 1.3 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/481073/100/0/threaded" - }, - { - "name" : "4465", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4465" - }, - { - "name" : "http://arfis.wordpress.com/2007/09/14/rfi-02-public-media-manager/", - "refsource" : "MISC", - "url" : "http://arfis.wordpress.com/2007/09/14/rfi-02-public-media-manager/" - }, - { - "name" : "25860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25860" - }, - { - "name" : "ADV-2007-3310", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3310" - }, - { - "name" : "37399", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37399" - }, - { - "name" : "27020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27020" - }, - { - "name" : "pmm-newstopicinc-file-include(36866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25860" + }, + { + "name": "37399", + "refsource": "OSVDB", + "url": "http://osvdb.org/37399" + }, + { + "name": "http://arfis.wordpress.com/2007/09/14/rfi-02-public-media-manager/", + "refsource": "MISC", + "url": "http://arfis.wordpress.com/2007/09/14/rfi-02-public-media-manager/" + }, + { + "name": "ADV-2007-3310", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3310" + }, + { + "name": "20070929 Public Media Manager <= 1.3 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/481073/100/0/threaded" + }, + { + "name": "4465", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4465" + }, + { + "name": "27020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27020" + }, + { + "name": "pmm-newstopicinc-file-include(36866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36866" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5396.json b/2007/5xxx/CVE-2007-5396.json index bc1f78d6e8a..cb4b9365edb 100644 --- a/2007/5xxx/CVE-2007-5396.json +++ b/2007/5xxx/CVE-2007-5396.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2007-5396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2007-89/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2007-89/advisory/" - }, - { - "name" : "http://miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l", - "refsource" : "CONFIRM", - "url" : "http://miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l" - }, - { - "name" : "26389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26389" - }, - { - "name" : "ADV-2007-3823", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3823" - }, - { - "name" : "27402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27402" - }, - { - "name" : "mirandaim-extyahoocontact-format-string(38362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-3823", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3823" + }, + { + "name": "mirandaim-extyahoocontact-format-string(38362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38362" + }, + { + "name": "27402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27402" + }, + { + "name": "26389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26389" + }, + { + "name": "http://secunia.com/secunia_research/2007-89/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2007-89/advisory/" + }, + { + "name": "http://miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l", + "refsource": "CONFIRM", + "url": "http://miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l" + } + ] + } +} \ No newline at end of file diff --git a/2007/5xxx/CVE-2007-5784.json b/2007/5xxx/CVE-2007-5784.json index 13f6cceca61..76f0e6ed62e 100644 --- a/2007/5xxx/CVE-2007-5784.json +++ b/2007/5xxx/CVE-2007-5784.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2007-5784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2007-5784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4577", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/4577" - }, - { - "name" : "26239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/26239" - }, - { - "name" : "ADV-2007-3643", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3643" - }, - { - "name" : "cauposhop-index-file-include(38122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/26239" + }, + { + "name": "4577", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/4577" + }, + { + "name": "cauposhop-index-file-include(38122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38122" + }, + { + "name": "ADV-2007-3643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3643" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3182.json b/2015/3xxx/CVE-2015-3182.json index 31e6394e81c..443b6561f80 100644 --- a/2015/3xxx/CVE-2015-3182.json +++ b/2015/3xxx/CVE-2015-3182.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-3182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1219409", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1219409" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" - }, - { - "name" : "GLSA-201510-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201510-03" - }, - { - "name" : "74586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74586" - }, - { - "name" : "1032279", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1032279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1032279", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1032279" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1219409", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219409" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, + { + "name": "74586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74586" + }, + { + "name": "GLSA-201510-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201510-03" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=373deb5f4182a5c4ab8c8418a7bbaa5d6e72bb05" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3610.json b/2015/3xxx/CVE-2015-3610.json index b78b1633073..54b07f2a810 100644 --- a/2015/3xxx/CVE-2015-3610.json +++ b/2015/3xxx/CVE-2015-3610.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311412.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311412.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311412.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311412.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2015/3xxx/CVE-2015-3621.json b/2015/3xxx/CVE-2015-3621.json index f3f3b21b098..9cd4f776553 100644 --- a/2015/3xxx/CVE-2015-3621.json +++ b/2015/3xxx/CVE-2015-3621.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20150713 CVE-2015-3621 - Privilege Escalation In SAP ECC", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Jul/59" - }, - { - "name" : "http://packetstormsecurity.com/files/132680/SAP-ECC-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/132680/SAP-ECC-Privilege-Escalation.html" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3621/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3621/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/132680/SAP-ECC-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/132680/SAP-ECC-Privilege-Escalation.html" + }, + { + "name": "20150713 CVE-2015-3621 - Privilege Escalation In SAP ECC", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Jul/59" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3621/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3621/" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6006.json b/2015/6xxx/CVE-2015-6006.json index 24c9d11b864..36627ca9180 100644 --- a/2015/6xxx/CVE-2015-6006.json +++ b/2015/6xxx/CVE-2015-6006.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-6006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securifera.com/advisories/CVE-2015-2898-2901/", - "refsource" : "MISC", - "url" : "http://www.securifera.com/advisories/CVE-2015-2898-2901/" - }, - { - "name" : "VU#675052", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/675052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securifera.com/advisories/CVE-2015-2898-2901/", + "refsource": "MISC", + "url": "http://www.securifera.com/advisories/CVE-2015-2898-2901/" + }, + { + "name": "VU#675052", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/675052" + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6204.json b/2015/6xxx/CVE-2015-6204.json index a371f06df2a..6414a3d6848 100644 --- a/2015/6xxx/CVE-2015-6204.json +++ b/2015/6xxx/CVE-2015-6204.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6204", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6204", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/6xxx/CVE-2015-6281.json b/2015/6xxx/CVE-2015-6281.json index 95e9e76b1a4..45623b9e00f 100644 --- a/2015/6xxx/CVE-2015-6281.json +++ b/2015/6xxx/CVE-2015-6281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-6281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-6281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7146.json b/2015/7xxx/CVE-2015-7146.json index c14d0787456..36a5f215ea3 100644 --- a/2015/7xxx/CVE-2015-7146.json +++ b/2015/7xxx/CVE-2015-7146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7146", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-7146", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7744.json b/2015/7xxx/CVE-2015-7744.json index ec5785526d1..136b5e34591 100644 --- a/2015/7xxx/CVE-2015-7744.json +++ b/2015/7xxx/CVE-2015-7744.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-7744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", - "refsource" : "MISC", - "url" : "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf" - }, - { - "name" : "https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/", - "refsource" : "MISC", - "url" : "https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/" - }, - { - "name" : "http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html", - "refsource" : "CONFIRM", - "url" : "http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html", - "refsource" : "CONFIRM", - "url" : "https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "openSUSE-SU-2016:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" - }, - { - "name" : "openSUSE-SU-2016:0377", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" - }, - { - "name" : "1034708", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2016:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html" + }, + { + "name": "1034708", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034708" + }, + { + "name": "http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html", + "refsource": "CONFIRM", + "url": "http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html" + }, + { + "name": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", + "refsource": "MISC", + "url": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html", + "refsource": "CONFIRM", + "url": "https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html" + }, + { + "name": "https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/", + "refsource": "MISC", + "url": "https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/" + }, + { + "name": "openSUSE-SU-2016:0377", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/7xxx/CVE-2015-7988.json b/2015/7xxx/CVE-2015-7988.json index 41773401461..1c20f6e9ace 100644 --- a/2015/7xxx/CVE-2015-7988.json +++ b/2015/7xxx/CVE-2015-7988.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-7988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2015-7988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT206846", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT206846" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" - }, - { - "name" : "VU#143335", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/143335" - }, - { - "name" : "1036181", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1036181", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036181" + }, + { + "name": "https://support.apple.com/HT206846", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT206846" + }, + { + "name": "VU#143335", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/143335" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8203.json b/2015/8xxx/CVE-2015-8203.json index a2105b1e367..4e0b7c5fe33 100644 --- a/2015/8xxx/CVE-2015-8203.json +++ b/2015/8xxx/CVE-2015-8203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8203", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-8203", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2015/8xxx/CVE-2015-8775.json b/2015/8xxx/CVE-2015-8775.json index 46e40e959de..c7f04d89468 100644 --- a/2015/8xxx/CVE-2015-8775.json +++ b/2015/8xxx/CVE-2015-8775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-8775", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-8775", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0026.json b/2016/0xxx/CVE-2016-0026.json index d7b27c339b5..5ca7106f23b 100644 --- a/2016/0xxx/CVE-2016-0026.json +++ b/2016/0xxx/CVE-2016-0026.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2016-0026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS16-134", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" - }, - { - "name" : "93998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93998" - }, - { - "name" : "1037252", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka \"Windows Common Log File System Driver Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037252", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037252" + }, + { + "name": "MS16-134", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134" + }, + { + "name": "93998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93998" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0830.json b/2016/0xxx/CVE-2016-0830.json index ceaa71aab6e..5476954ddec 100644 --- a/2016/0xxx/CVE-2016-0830.json +++ b/2016/0xxx/CVE-2016-0830.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-03-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-03-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5" - }, - { - "name" : "84270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/84270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5" + }, + { + "name": "http://source.android.com/security/bulletin/2016-03-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-03-01.html" + }, + { + "name": "84270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/84270" + } + ] + } +} \ No newline at end of file diff --git a/2016/1000xxx/CVE-2016-1000149.json b/2016/1000xxx/CVE-2016-1000149.json index 26fb113679a..e97e26574b1 100644 --- a/2016/1000xxx/CVE-2016-1000149.json +++ b/2016/1000xxx/CVE-2016-1000149.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1000149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-1000149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=474", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/wp/wp_advisory.php?v=474" - }, - { - "name" : "https://wordpress.org/plugins/simpel-reserveren", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/simpel-reserveren" - }, - { - "name" : "93582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/wp/wp_advisory.php?v=474", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/wp/wp_advisory.php?v=474" + }, + { + "name": "93582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93582" + }, + { + "name": "https://wordpress.org/plugins/simpel-reserveren", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/simpel-reserveren" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1575.json b/2016/1xxx/CVE-2016-1575.json index c4c4c3f0034..e984d67898b 100644 --- a/2016/1xxx/CVE-2016-1575.json +++ b/2016/1xxx/CVE-2016-1575.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2016-1575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/02/24/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360" - }, - { - "name" : "http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/", - "refsource" : "MISC", - "url" : "http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/" - }, - { - "name" : "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html", - "refsource" : "CONFIRM", - "url" : "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html" - }, - { - "name" : "https://launchpad.net/bugs/1534961", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1534961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360" + }, + { + "name": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html", + "refsource": "CONFIRM", + "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html" + }, + { + "name": "https://launchpad.net/bugs/1534961", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1534961" + }, + { + "name": "http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/", + "refsource": "MISC", + "url": "http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/" + }, + { + "name": "[oss-security] 20160224 User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/02/24/7" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1619.json b/2016/1xxx/CVE-2016-1619.json index cca7a18084b..333df6ee238 100644 --- a/2016/1xxx/CVE-2016-1619.json +++ b/2016/1xxx/CVE-2016-1619.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-1619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-1619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=557223", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=557223" - }, - { - "name" : "https://codereview.chromium.org/1521473003", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/1521473003" - }, - { - "name" : "DSA-3456", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3456" - }, - { - "name" : "GLSA-201603-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-09" - }, - { - "name" : "RHSA-2016:0072", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-0072.html" - }, - { - "name" : "openSUSE-SU-2016:0249", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html" - }, - { - "name" : "openSUSE-SU-2016:0250", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html" - }, - { - "name" : "openSUSE-SU-2016:0271", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html" - }, - { - "name" : "81430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/81430" - }, - { - "name" : "1034801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/81430" + }, + { + "name": "RHSA-2016:0072", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-0072.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html" + }, + { + "name": "1034801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034801" + }, + { + "name": "openSUSE-SU-2016:0249", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html" + }, + { + "name": "https://codereview.chromium.org/1521473003", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/1521473003" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=557223", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=557223" + }, + { + "name": "GLSA-201603-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-09" + }, + { + "name": "openSUSE-SU-2016:0271", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html" + }, + { + "name": "DSA-3456", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3456" + }, + { + "name": "openSUSE-SU-2016:0250", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5172.json b/2016/5xxx/CVE-2016-5172.json index 5a90480b69f..e1324ceecaf 100644 --- a/2016/5xxx/CVE-2016-5172.json +++ b/2016/5xxx/CVE-2016-5172.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2016-5172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codereview.chromium.org/2077283004", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/2077283004" - }, - { - "name" : "https://crbug.com/616386", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/616386" - }, - { - "name" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", - "refsource" : "CONFIRM", - "url" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" - }, - { - "name" : "DSA-3667", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3667" - }, - { - "name" : "GLSA-201610-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-09" - }, - { - "name" : "RHSA-2016:1905", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-1905.html" - }, - { - "name" : "92942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92942" - }, - { - "name" : "1036826", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/616386", + "refsource": "CONFIRM", + "url": "https://crbug.com/616386" + }, + { + "name": "DSA-3667", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3667" + }, + { + "name": "1036826", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036826" + }, + { + "name": "92942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92942" + }, + { + "name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html", + "refsource": "CONFIRM", + "url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html" + }, + { + "name": "https://codereview.chromium.org/2077283004", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/2077283004" + }, + { + "name": "GLSA-201610-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-09" + }, + { + "name": "RHSA-2016:1905", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5307.json b/2016/5xxx/CVE-2016-5307.json index f8899ed2103..a162b45fe96 100644 --- a/2016/5xxx/CVE-2016-5307.json +++ b/2016/5xxx/CVE-2016-5307.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2016-5307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01" - }, - { - "name" : "91443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91443" - }, - { - "name" : "1036196", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01" + }, + { + "name": "1036196", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036196" + }, + { + "name": "91443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91443" + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5371.json b/2016/5xxx/CVE-2016-5371.json index 2496f89dd43..be0280d40d9 100644 --- a/2016/5xxx/CVE-2016-5371.json +++ b/2016/5xxx/CVE-2016-5371.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5371", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-5371", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/5xxx/CVE-2016-5554.json b/2016/5xxx/CVE-2016-5554.json index 8308b6fb978..790f0c4ec85 100644 --- a/2016/5xxx/CVE-2016-5554.json +++ b/2016/5xxx/CVE-2016-5554.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-5554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2016-5554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20161019-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20161019-0001/" - }, - { - "name" : "DSA-3707", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3707" - }, - { - "name" : "GLSA-201611-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201611-04" - }, - { - "name" : "GLSA-201701-43", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-43" - }, - { - "name" : "RHSA-2016:2658", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2658.html" - }, - { - "name" : "RHSA-2016:2659", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2659.html" - }, - { - "name" : "RHSA-2016:2079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2079.html" - }, - { - "name" : "RHSA-2016:2088", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2088.html" - }, - { - "name" : "RHSA-2016:2089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2089.html" - }, - { - "name" : "RHSA-2016:2090", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2090.html" - }, - { - "name" : "RHSA-2016:2136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2136.html" - }, - { - "name" : "RHSA-2016:2137", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2137.html" - }, - { - "name" : "RHSA-2016:2138", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2016-2138.html" - }, - { - "name" : "RHSA-2017:0061", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0061.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "USN-3130-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3130-1" - }, - { - "name" : "USN-3154-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3154-1" - }, - { - "name" : "93637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/93637" - }, - { - "name" : "1037040", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3707", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3707" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20161019-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20161019-0001/" + }, + { + "name": "RHSA-2016:2659", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2659.html" + }, + { + "name": "RHSA-2016:2136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2136.html" + }, + { + "name": "RHSA-2016:2079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html" + }, + { + "name": "USN-3130-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3130-1" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "RHSA-2016:2137", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2137.html" + }, + { + "name": "RHSA-2016:2138", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2138.html" + }, + { + "name": "GLSA-201701-43", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-43" + }, + { + "name": "RHSA-2016:2090", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2090.html" + }, + { + "name": "GLSA-201611-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201611-04" + }, + { + "name": "RHSA-2017:0061", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0061.html" + }, + { + "name": "93637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/93637" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "USN-3154-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3154-1" + }, + { + "name": "RHSA-2016:2089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2089.html" + }, + { + "name": "1037040", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037040" + }, + { + "name": "RHSA-2016:2088", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2088.html" + }, + { + "name": "RHSA-2016:2658", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0047.json b/2019/0xxx/CVE-2019-0047.json index 7fa8d888d6d..cd2f1c6967e 100644 --- a/2019/0xxx/CVE-2019-0047.json +++ b/2019/0xxx/CVE-2019-0047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0116.json b/2019/0xxx/CVE-2019-0116.json index 7d20ad87414..4564d8e8f2f 100644 --- a/2019/0xxx/CVE-2019-0116.json +++ b/2019/0xxx/CVE-2019-0116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0148.json b/2019/0xxx/CVE-2019-0148.json index 0b4c5c7b120..3108be1e55c 100644 --- a/2019/0xxx/CVE-2019-0148.json +++ b/2019/0xxx/CVE-2019-0148.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0148", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0148", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0629.json b/2019/0xxx/CVE-2019-0629.json index 6cf05b3df0e..e1dcdbccb34 100644 --- a/2019/0xxx/CVE-2019-0629.json +++ b/2019/0xxx/CVE-2019-0629.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0629", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0629", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/0xxx/CVE-2019-0782.json b/2019/0xxx/CVE-2019-0782.json index a5613b26d8b..bed765e99fc 100644 --- a/2019/0xxx/CVE-2019-0782.json +++ b/2019/0xxx/CVE-2019-0782.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-0782", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-0782", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1034.json b/2019/1xxx/CVE-2019-1034.json index 1a0ea1e68cf..33792293cca 100644 --- a/2019/1xxx/CVE-2019-1034.json +++ b/2019/1xxx/CVE-2019-1034.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1034", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1034", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1421.json b/2019/1xxx/CVE-2019-1421.json index 7d36c2c554b..43cbe7f5b89 100644 --- a/2019/1xxx/CVE-2019-1421.json +++ b/2019/1xxx/CVE-2019-1421.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-1421", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-1421", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3138.json b/2019/3xxx/CVE-2019-3138.json index 59fab4f0092..673d6b667b6 100644 --- a/2019/3xxx/CVE-2019-3138.json +++ b/2019/3xxx/CVE-2019-3138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-3138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-3138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4083.json b/2019/4xxx/CVE-2019-4083.json index 4ee81f7fe51..19465b3ecae 100644 --- a/2019/4xxx/CVE-2019-4083.json +++ b/2019/4xxx/CVE-2019-4083.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4083", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4083", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4127.json b/2019/4xxx/CVE-2019-4127.json index 4e4443b4e7f..bc64ac86608 100644 --- a/2019/4xxx/CVE-2019-4127.json +++ b/2019/4xxx/CVE-2019-4127.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4127", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4127", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4479.json b/2019/4xxx/CVE-2019-4479.json index 4c8bb077f29..c5730fa22a3 100644 --- a/2019/4xxx/CVE-2019-4479.json +++ b/2019/4xxx/CVE-2019-4479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4800.json b/2019/4xxx/CVE-2019-4800.json index c6a571d6137..d24c965e784 100644 --- a/2019/4xxx/CVE-2019-4800.json +++ b/2019/4xxx/CVE-2019-4800.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-4800", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-4800", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5123.json b/2019/5xxx/CVE-2019-5123.json index 6f4e5389f25..9258e7c8673 100644 --- a/2019/5xxx/CVE-2019-5123.json +++ b/2019/5xxx/CVE-2019-5123.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5647.json b/2019/5xxx/CVE-2019-5647.json index fcd2b133502..1a89ae404c4 100644 --- a/2019/5xxx/CVE-2019-5647.json +++ b/2019/5xxx/CVE-2019-5647.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5647", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5647", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5892.json b/2019/5xxx/CVE-2019-5892.json index 65de37af1a3..2a8582de91a 100644 --- a/2019/5xxx/CVE-2019-5892.json +++ b/2019/5xxx/CVE-2019-5892.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-5892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-5892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a", - "refsource" : "MISC", - "url" : "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a" - }, - { - "name" : "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4", - "refsource" : "MISC", - "url" : "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4" - }, - { - "name" : "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1", - "refsource" : "MISC", - "url" : "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1" - }, - { - "name" : "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2", - "refsource" : "MISC", - "url" : "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2" - }, - { - "name" : "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2", - "refsource" : "MISC", - "url" : "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2" - }, - { - "name" : "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html", - "refsource" : "MISC", - "url" : "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html" - }, - { - "name" : "https://frrouting.org/community/security/cve-2019-5892.html", - "refsource" : "CONFIRM", - "url" : "https://frrouting.org/community/security/cve-2019-5892.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4", + "refsource": "MISC", + "url": "https://github.com/FRRouting/frr/releases/tag/frr-3.0.4" + }, + { + "name": "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html", + "refsource": "MISC", + "url": "https://lists.frrouting.org/pipermail/frog/2019-January/000404.html" + }, + { + "name": "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2", + "refsource": "MISC", + "url": "https://github.com/FRRouting/frr/releases/tag/frr-5.0.2" + }, + { + "name": "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2", + "refsource": "MISC", + "url": "https://github.com/FRRouting/frr/releases/tag/frr-6.0.2" + }, + { + "name": "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a", + "refsource": "MISC", + "url": "https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a" + }, + { + "name": "https://frrouting.org/community/security/cve-2019-5892.html", + "refsource": "CONFIRM", + "url": "https://frrouting.org/community/security/cve-2019-5892.html" + }, + { + "name": "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1", + "refsource": "MISC", + "url": "https://github.com/FRRouting/frr/releases/tag/frr-4.0.1" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8129.json b/2019/8xxx/CVE-2019-8129.json index 1e6a8ea775f..9357cbae668 100644 --- a/2019/8xxx/CVE-2019-8129.json +++ b/2019/8xxx/CVE-2019-8129.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8129", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8129", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8263.json b/2019/8xxx/CVE-2019-8263.json index 3f539e09eab..74f338ee6ca 100644 --- a/2019/8xxx/CVE-2019-8263.json +++ b/2019/8xxx/CVE-2019-8263.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2019-03-01T00:00:00", - "ID" : "CVE-2019-8263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UltraVNC", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121: Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2019-03-01T00:00:00", + "ID": "CVE-2019-8263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UltraVNC", + "version": { + "version_data": [ + { + "version_value": "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/" - }, - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/" + }, + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8551.json b/2019/8xxx/CVE-2019-8551.json index 1855c78a384..4ca26217475 100644 --- a/2019/8xxx/CVE-2019-8551.json +++ b/2019/8xxx/CVE-2019-8551.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8551", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8551", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8725.json b/2019/8xxx/CVE-2019-8725.json index 83c9b4a6a67..84275740724 100644 --- a/2019/8xxx/CVE-2019-8725.json +++ b/2019/8xxx/CVE-2019-8725.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-8725", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-8725", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9202.json b/2019/9xxx/CVE-2019-9202.json index 9966113e207..ccfd56cce90 100644 --- a/2019/9xxx/CVE-2019-9202.json +++ b/2019/9xxx/CVE-2019-9202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9477.json b/2019/9xxx/CVE-2019-9477.json index 04e6a8bd803..680dfaec2e4 100644 --- a/2019/9xxx/CVE-2019-9477.json +++ b/2019/9xxx/CVE-2019-9477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9477", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9477", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9538.json b/2019/9xxx/CVE-2019-9538.json index 6e071e98d74..173247d9624 100644 --- a/2019/9xxx/CVE-2019-9538.json +++ b/2019/9xxx/CVE-2019-9538.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-9538", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9538", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file